Ukrainian Hacker Admits Role in Hacking Three Business Newswire Services

More suspects are expected to admit their crimes as well. Vadym Iermolovych, 28, of Kiev, Ukraine, pleaded guilty yesterday for his role in the hacking of business newswire services Marketwired, PR Newswire and Business Wire, from where he stole sensitive financial information and sold it to other parties that made fraudulent stock transactions.

Iermolovych and conspirators breached the three aforementioned services between February 2010 and August 2015, from where they stole non-public press releases that contained sensitive information such as earnings, gross margins, revenues, and other confidential information.

They then created a website on which they sold this information to interested third parties. These individuals, in turn, used the stolen non-public press releases to make ahead-of-time transactions on Wall Street and other stock exchanges.

Prosecutors said this website had “shopping list” and “wish list” functionality to allow the buyers to select or order the press releases they desired.

Hackers had access to PR assets for five years

During the five years they had access to these three services, the hackers managed to steal 150,000 press releases from hundreds of companies, among which the most well known are Bank of America, Caterpillar, Clorox, Honeywell, Hewlett-Packard, Panera Bread, and Verisign.

The hacker revealed that he and his partner used phishing to gain access to PR Newswire’s network, an SQL injection flaw to hack into Marketwired, and bought access to the already-hacked network of Business Wire.

Court documents revealed that Iermolovych and others made stock transactions of over $30 million (€27 million), gaining profits of over $100 million (€90 million).

Hacker faces more than 30 years in prison

Authorities arrested Iermolovych last fall, together with eight other suspects, while the SEC also filed charges against thirty suspects.

Iermolovych is the first hacker to plead guilty in this massive investigation. Previously three security traders also pleaded guilty: Alexander Garkusha, 48, of Cummings and Alpharetta, Georgia; Arkadiy Dubovoy, 51, and Igor Dubovoy, 29, of Alpharetta, Georgia.

According to the charges he pleaded guilty to, the hacker now faces 20 years in prison and a $250,000 fine for his wire fraud charge; five years in prison and a $250,000 fine for the charge of conspiracy to commit fraud and related activity in connection with computers carries; and a mandatory penalty of two years in prison to be added to the other sentences for his aggravated identity theft charge.

Hacking companies for insider trading has become a trend in recent years. Just this March, multiple US law firms saw cyber-attacks from hackers that wanted to breach their network.